From 3a38cfb2efd9bf97efa0dff1c311da1b01f04de8 Mon Sep 17 00:00:00 2001
From: Spyros Trigazis <spyridon.trigazis@cern.ch>
Date: Tue, 10 Sep 2019 12:44:50 +0000
Subject: [PATCH] k8s_fedora: Set rp_filter=1 for calico

upstream docs:
Cluster nodes must have rp_filter set to strict (1).
https://github.com/projectcalico/calico/blob/master/v3.9/getting-started/kubernetes/installation/migration-from-flannel.md

story: 2006441
task: 36564

Change-Id: I828cec27968ffe0961011e34a66e0eef3e567c91
Signed-off-by: Spyros Trigazis <spyridon.trigazis@cern.ch>
---
 .../kubernetes/fragments/configure-kubernetes-master.sh    | 7 ++++++-
 .../kubernetes/fragments/configure-kubernetes-minion.sh    | 5 ++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
index 9c5d2f53a1..fd07eb83f0 100644
--- a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
@@ -1,6 +1,9 @@
-#!/bin/sh -x
+#!/bin/bash
 
+set +x
 . /etc/sysconfig/heat-params
+set -x
+set -e
 
 echo "configuring kubernetes (master)"
 
@@ -39,6 +42,8 @@ unmanaged-devices=interface-name:cali*;interface-name:tunl*
 EOF
 }
         systemctl restart NetworkManager
+        echo "net.ipv4.conf.all.rp_filter = 1" >> /etc/sysctl.conf
+        $ssh_cmd sysctl -p
     fi
 fi
 
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh
index 43f41f2a79..04a29ebf86 100644
--- a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh
@@ -1,8 +1,9 @@
-#!/bin/sh
+#!/bin/bash
 
 set +x
 . /etc/sysconfig/heat-params
 set -x
+set -e
 
 ssh_cmd="ssh -F /srv/magnum/.ssh/config root@localhost"
 
@@ -41,6 +42,8 @@ unmanaged-devices=interface-name:cali*;interface-name:tunl*
 EOF
 }
         $ssh_cmd systemctl restart NetworkManager
+        echo "net.ipv4.conf.all.rp_filter = 1" >> /etc/sysctl.conf
+        $ssh_cmd sysctl -p
     fi
 fi